ON CONGRUENT PRIMES AND CLASS NUMBERS OF IMAGINARY 

QUADRATIC FIELDS 

NILS BRUIN AND BRETT HEMENWAY 

Abstract. We consider the problem of determining whether a given prime p is a congruent 
number. We present an easily computed criterion that allows us to conclude that certain 
primes for which congruency was previously undecided, are in fact not congruent. As a 
result, we get additional information on the possible sizes of Tate-Shafarevich groups of the 
associated elliptic curves. 

We also present a related criterion for primes p such that 16 divides the class number of 
the imaginary quadratic field Q(^/— p). Both results are based on descent methods. 

While we cannot show for either criterion individually that there are infinitely many 
primes that satisfy it nor that there are infinitely many that do not, we do exploit a slight 
difference between the two to conclude that at least one of the criteria is satisfied by infinitely 
many primes. 



1. Introduction 

The results in this article are inspired by two related questions. 

(1) What exponents can occur for class groups of number fields? 

(2) What exponents can occur for Tate-Shafarevich groups of abelian varieties? 

In particular, we consider the 2-power part of class groups of imaginary quadratic fields 
and the 2-power part of the Tate-Shafarevich groups of quadratic twists of the elliptic curve 
Ei : y 2 = x 3 — x; these are the curves that play a role in the classical congruent number 
problem. 

In either case, it is known that the size of the 2-power parts of the groups can be made 
arbitrarily large by making the 2-torsion subgroups arbitrarily large. For class groups, these 
results come from Gauss's genus theory (see [LemOO, 2.2]) and for Tate-Shafarevich groups 
from an analogous construction (see [Kra83]). 

We limit ourselves to imaginary quadratic fields Q(y/—p), and quadratic twists E p : y 2 = 
x 3 — p 2 x, where in either case p is a prime. It is known that there are infinitely many 
primes p such that the group classes of fractional ideals modulo principal ideal C1(Q( V /— p)) 
contains elements of order 2, 4, or 8. Existing results establish a similar fact for for the 
Tate-Shafarevich group UI(E P ) of E p , namely that there are infinitely many primes p such 
that ni(£/ p )[2] ~ (^/2) 2 and, if one assumes that elliptic curves of rank 2 are extremely 
rare, that one has Z/4 > UI(E p ) for infinitely many p. The proofs in either case consist of 
observing that the answer to either question is governed by the splitting of p in some fixed 
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number field. The Chebotarev Density Theorem then guarantees the existence of infinitely 
many p with the desired property. 

Our results provide a characterization of the primes for which the relevant groups are one 
step bigger. Unfortunately, the result does not seem to correspond to a splitting condition 
in some fixed extension anymore, so an infinite number of primes satisfying the criterion is 
not guaranteed. We introduce some notation to formulate our results precisely. 

It follows from genus theory that for p = 3 (mod 4), the class number of Q(y/—p) is odd. 
For p = 1 (mod 4), we write h(—Ap) = # Cl(Z[ v / = p]), which is equal to the class number of 
Q(V~p)- I n this case genus theory also guarantees that Cl(Z[- v / = p])/2 Cl(Z[- v / = p]) ~ Z/2, 
so the 2-power part of Cl(Z[- v / = p]) is cyclic. 

Question A. Given e > 0, how can we characterize the primes p such that 2 e | h(-Ap)? 

Note that 2 is ramified in Q(^/ ZI p) if p = 1 (mod 4), so there is an ideal t C Zf^/^p] 
such that t 2 = 2Zf yj— p\. Since Zf^/— p| does not contain an element of norm 2, we have 
that [t] G C1(Z( V /— p)) is of order 2. Answers to Question A can therefore take the form of 
descriptions of the sets 

V(e) = {p prime : p = 1 (mod 4) and 2 e | h(—4p)}, 

= {p prime : p = 1 (mod 4) and [t] G 2 6_1 Cl(Q( v / = p))}. 

Classical results together with Barrucand-Cohn (see [BC69]) establish (see Section 4 for 
notation) 



1 + = 

p ■ 



(la) 


V(l) 


= {p prime 


: p = 1 


(mod 4)}, 


(lb) 


V(2) 


= {p prime 


: p = 1 


(mod 8)}, 


(1c) 


1/(3) 


= {p prime 


:p = l 


(mod 8) and 



The set U(3) consists exactly of the primes that completely split in K\ = Q(y/1 + i) = Q(a), 
where a 4 — 2a 2 + 2 = 0. Let 5 P G K x be an algebraic integer satisfying Normx 1 /Q(j)(5 p ) = p 
and let p p be a prime of Ki above p such that <5 P ^ p. We will check that the quadratic 
symbol (^y-) does not depend on the actual choices of 5 P and p. We prove 

Theorem A. 

(Id) ^(4) = {p prime : p = 1 (mod 8) and = ^"p^") = 

In [Ste93, Theorem 2], which provides references for (la),(lb),(lc), there is a different 
criterion for membership of V(4), in terms of the 2-adic logarithm of the fundamental unit 
ofQ(Vp). 

For III(i?p) we proceed in a way similar to Question A. For an abelian group G we write 
(^[2°°] for its 2-primary subgroup. 

Question B. Given e > 0, how can we characterize the primes p such that III(i?p)[2 00 ] 
contains element of order 2 e ? 

In classical terminology, a positive integer is called congruent if E n (Q) has positive rank. 
In order to avoid confusion with other uses of the word, we italicize it whenever used with 
this meaning. 
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(2) C p , 2 

Cp,3 



It is already known (see Section 6) that if n = p is a prime with p ^ 1 (mod 8) then 
III(i?p)[2 00 ] is trivial. Therefore, we concentrate on the case p = 1 (mod 8). Then either p 
is congruent or III(_Ep)[2] ~ (Z/2) 2 . In fact, we can write down 3 principal homogeneous 
spaces of E, given by 

y 2 = p( x 4 - Qx 2 + 1) = p(x 2 + 2x- l)(x 2 -2x-l) 
y 2 = p( x 4 + 4) = p(x 2 + 2x + 2)(x 2 -2x + 2) 

y 2 = p( X 4 + 1), 

which have points everywhere locally. They represent possibly trivial classes ^1,^2,^3 G 
III(£'p)[2] which generate the group and satisfy £1 + £2 = £3- To test the triviality of we 
are led to considering 

W(e) = {p prime : p = 1 (mod 8) and & G 2 e " 1 LQ( J B p )}. 

The Cassels-Tate pairing [Cas62] implies that if there exists an e > 1 such that & ^ 2 e m(£ , p ) 
(i.e., £j is not totally 2-divisible) then IH(.Ep)[2] ~ (Z/2) 2 . In that case no C p ^ has a rational 
point and p is not congruent, also implies that the definition of W(e) does not depend on 
which £j is chosen. 

For Question A, we know that [t] is nontrivial, so divisibility of this class directly yields 
results on h(— 4p). We do not have a corresponding guarantee for Question B. For instance, 
if all are trivial, as happens for p = 41, then p e VF(e) for all e but III(i?p)[2 00 ] = 0. On 
the other hand, if we establish that p G W(e) and p W(e + 1) then it does follow that & 
is nontrivial and we can conclude that 2 e divides the exponent of T\I(E p ). 

Results attributed to A. Genocchi and L. Bastien (see [Dicl9, Chapter XVI] and [Tun83]) 
essentially establish 

(3a) W(l) = {p prime : p = 1 (mod 8)}, 

(3b) W(2) = {p prime : p = 1 (mod 8) and ( — — J = 1}. 

\ p J 

In the statement below, we use the same S p ,p p as in Theorem A. Furthermore, let ( be a 
primitive eighth root of unity. For p = 1 (mod 8), we have that ( G Q p . We prove 

Theorem B. 

(3c) W(3) = {p prime : p = 1 (mod 8) and = (^) = 

While the criteria in Theorems A and B do not immediately guarantee that there are 
infinitely many primes satisfying them, the fact that the descriptions do not completely 
agree allows us to conclude: 

Corollary 1.1. At least one ofW(3) and V(4) is infinite. 

Proof. Note that W(2) = V(3) contains infinitely many primes p satisfying p = 9 (mod 16). 
For these primes we have (^) = —1, which is exactly the symbol by which the descriptions 
of V(A) and W(3) differ. Therefore we have either p G V(A) or p G W(3). It follows that at 
least one set must be infinite. □ 

In Section 2 we derive some more results along these lines. Let us conclude with noting 
that the criteria for 14^(3) and V(4) are easy to test computationally for individual primes. 
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Remark 1.2. It is easy to compute with a computer algebra system that 10 200 + 16737 is 
the first prime beyond 10 200 such that p G V(3) = W(2), but p V(4),W(3) and that 
q = 10 200 + 28729 is the first such prime such that q G V(4) but g ^ W(3). In particular 
neither prime is congruent. 

2. Implications 

Just from equations (3a) and (3b) it follows that there are infinitely many primes p G 
W(l) \ W{2). Hence there are infinitely many primes p with (Z/2Z) 2 LH(.E'p). 

Note that elliptic curves of rank bigger than 1 seem very rare, so one would expect that 
for most p G W{2) it is still the case that at least one £j is non-trivial. Indeed, the discussion 
in [RS02, Section 7] suggests that the following is plausible. 

Assumption 2.1 (Goldfeld for primes). The primes p for which E p (Q) has rank 2 have 
asymptotic density in the set of all primes. 

With this assumption, Equation (3b) would imply that there are infinitely many p for 
which Z/4 > HI(Ep). If in addition we assume that only the trivial element in T\I(E P ) is 
totally divisible, then [DD10, Corollary 4.20] implies that the parity conjecture holds for E p . 
This would exclude the possibility that E p (Q) has rank 1 for p = 1 (mod 8) and we obtain 
that for infinitely many p we have (Z/4) 2 <—} UI(E P ). 

Numerical data suggests that V(4) has asymptotic density | in V(3). Indeed, it has been 
conjectured [CL83, CL84] that such a density exists, but to our knowledge this conjecture is 
still open. Comparison of our descriptions of V(4) and W(3) shows that W(3) would have 
an asymptotic density if and only if V(4) has one. At least one would expect that V(4) and 
W(3) are both infinite. We can combine Theorems A and B to prove half of that. 

Corollary 2.2. At least one of the following statements is true. 

(a) There are infinitely many primes p such that (Z/4) 2 <—} UI(E P ). 

(b) There are infinitely many primes p such that 16 | h(— 4p). 

Proof. The first statement holds for primes p G W(2) \ W(3), while the second statement 
holds for primes p G V(4). The intersections of V(4) and W{3) with p = 1 (mod 16) 
coincide. If V(4) were finite then there would be only finitely many primes in W(3) that 
satisfy p = 1 (mod 16). Since W(2) contains infinitely many such primes, the corollary 
follows. □ 

Again, using Assumption 2.1 we can obtain a stronger, conditional result. 

Corollary 2.3. Under Assumption 2.1, at least one of the following statements is true. 

(a) There are infinitely many primes p such that Z/8 > UI(E p ). 

(b) There are infinitely many primes p such that 16 | h(— 4p). 

Proof. The first statement follows if W{3) contains a set of positive asymptotic density in 
the primes and the second follows if V(4) is infinite. When restricted to primes p = 9 
(mod 16), the two sets are complementary in V(3) = W(2). Hence if V(4) contains only 
finitely many primes congruent to 9 modulo 16, then W{3) does contain a positive density 
set. The corollary follows. □ 
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3. Some related modular results 



Observations going back to Gauss (see [Dicl9b, Chapter VI]) link class numbers to coef- 

3 
2' 



ficients of modular forms of weight §, in particular the cube of the classical Jacobi Q-series. 



We write 
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n=0 

The class number relation relevant for our problem is that for primes p = 1 (mod 4) we have 

The other coefficients relate to class groups as well. For any particular p one can use this 
relation, or other methods, to compute h(—Ap) and hence decide for which e one hasp G V(e), 
at least in principle. 

For the congruent number problem, Tunnell [Tun83] identified a specific modular form 



E 



a n q n e 53(fo(128)) 



such that for odd n we have that a n ^ implies that n is not congruent. He also gives another 
form for even n. His result relies on Waldspurger's work on the Shimura Correspondence and 
the part of the Birch-Swinnerton-Dyer conjecture (BSD) proved by Coates-Wiles. Tunnell 
also observes that the full BSD-conjecture implies that for non- congruent primes p we have 

#U1(E P ) = \a\. 

Rubin's work [Rub87] imposes severe restrictions on the values that #UI(Ep) / 'a 2 p can take, 
but it does not provide any information on ord2(#LU(i?p)/ap). Therefore, even though the 
analytic approach does provide means to prove that numbers are not congruent, it requires 
unproven parts of BSD to provide any results for Question B. 

It is also worthwhile to note that for neither question would analytic approaches be feasible 
to answer questions for primes in the range of Remark 1.2. This is not too surprising, 
since the analytic approaches would find the integers h(—Ap) (unconditionally) and #m(E p ) 
(conditionally), whereas Theorems A and B only provide information on the valuation at 2 
of those integers. 



4. Preliminaries 

When K is a number field, we write Ok for its ring of integers and O k for its group of 
units. We write Cl(i^) = C\(O k ) for its ideal class group. When S is a finite set of places 
of K, we write Ok,s for the ring of S'-integers. 

If p C O k is a prime ideal, we write (-) : K /p ->■ {0,±1} for the associated quadratic 
character on the residue field, extended by setting (jj) = 0. When p is a principal ideal 
generated by n G O k , we write (^) = (^). For an element a G O k we write (^) for the 
quadratic character of the natural image of a in K /p- When p is completely split over 
a rational prime p, we denote (^) = (^) if the value of the symbol is the same for all p 
dividing pOk- In this case the symbol can be computed by taking any element a' G ¥ p that 
is a root of the minimal polynomial of a modulo p and computing the Legendre symbol (y) . 
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In what follows we need a variety of number fields. We fix notation and names for these 
fields. Let p be a rational prime. We consider the following extensions. 




If p 7^ 2 then L 1 can be described as the unique quartic subfield of H 2 that contains \/p(l + i). 

The choice p = 2 plays a special role. We fix separate names Mj for Hi and N for L . 
Note that M 2 is galois over Q and that it contains two conjugate subfields isomorphic to K x . 
We identify K\ with one of them. We write N\ for one of the non-normal quartic subfields 
containing No. 

We will conduct some involved computations in M 2 and its subfields. Some of these 
computations depend on the conjugates chosen. To avoid confusion, we fix a generator (3 for 
M 2 , satisfying the relation 

/3 8 - 4/3 7 + 12/3 6 - 20/3 5 + 24/3 4 - 20/3 3 + 12/3 2 -4/3 + 1 = 0. 

We write 

p ■= I(/3 7 + 2/3 6 + 3/3 5 + 5/3 4 + 5/3 3 + 3/3 2 + 2/3 + 1) 
a ■= -9/3' + 7/3 6 - 9/3 5 + 25/3 4 - 14/3 3 + 19/3 2 -4/3 + 2 
C := -11/3' + 9/3 6 - 12/3 5 + 33/3 4 - 18/3 3 + 23/3 2 - 5/3 + 3 
i : = C 2 = a 2 - 1 

e ■= -8/3' + 6/3 6 - 7/3 5 + 19/3 4 - 7/3 3 + 10/3 2 
v^:=e 2 -l, 

which fixes embeddings of K x = Q(a) and N t = Q(e) into M 2 . Note that Aut(M 2 /Q) = D 4 , 
the dihedral group of order 8. We denote by a the involution of M 2 that leaves N\ fixed and 
by t the involution that leaves K\ fixed. Then (a, r) = Aut(M 2 /Q) and we write p = (o"r) 2 , 
for the central involution of Aut(M2/Q), which leaves Mi fixed. The unit groups of the rings 
of integers of these fields are = (i, a + 1), = (—1, e, rf) and 0^ 2 = ((, a + 1, e, /3). 

We will find use for the following elementary lemmas which have undoubtedly been stated 
and proved many times, but for which we were unable to locate a reference. 

Lemma 4.1. Let p = 1 (mod 8) be a prime and suppose that x,y, D G Z with p\ D and 

x 2 — Dy 2 = p. 
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Then for a 2 = D (mod p) we have either x + ay = (mod p) or 

' a(x + ay) ^ = ^ 

Proof. We thank Soroosh Yazdani for pointing out the following proof. Note that x 2 — Dy 2 = 
(x + ay)(x — ay) = (mod p), so either x + ay = (mod p) or x — ay = (mod p). The 
lemma holds in the first case, so we assume the latter. Then 

x(x + ay) = ay[x + ay) (mod p) and 2x = (x + ay) (modp). 

It follows that 

^ 2ay(x + ay) ^ = ^ 

We are left with establishing that (|) = (|) = 1. For any prime q dividing y we have x 2 = p 
(mod q), so (|) = 1. Since p = 1 (mod 8), quadratic reciprocity gives us (|) = 1 and 
(^) = 1, so y is a product of squares modulo p and therefore a square modulo p itself. □ 

Lemma 4.2. Lei 7r G Z[i] be a prime element satisfying n = 1 (mod 2Z[i]), Normz[i]/z(7r) = 
1 (mod 8) and (— ) = 1. Suppose that x,y,D e Z[«] 7r f D and — Dy 2 = 7r. Taen 
/or a 2 = D (mod p) we nave either x + ay = (mod 7r) or 

7T y 

Proof. Note that quadratic reciprocity for Z[i] (established by Gauss and Dirichlet [LemOO, 
Proposition 5.1]) says that if 7r, A G Z[i] are distinct prime elements satisfying ir, X = 1 
(mod 2Z[i]) then (J) = (f ). We can write y = i a (l + ifX? ■ ■ ■ \ e r 2 , where Ai, . . . , A r e Z[i] 
are prime elements satisfying \j = 1 (mod 2Z[i]) (we can ensure this by multiplying by 
% is necessary). It follows that = (f-)- The conditions in the lemma ensure that 

(^) = (^) — 1- This establishes the required ingredients to complete the proof in the 
same way as for Lemma 4.1. □ 



5. Class groups as local-global obstructions 

There are various ways to prove (lb) and (lc). The proofs we give here are based on 
norm-form equations and are in the spirit of Gauss's treatment of genus theory. The lack 
of reference should not be construed as a claim to priority, but rather as evidence that it is 
hard to find a reference for such elementary facts. These methods have the great benefit that 
the techniques readily apply over extensions of the base ring as well. Doing so appears to 
provide a novel ingredient and allows us to prove something about V(4). First we introduce 
some terminology and an elementary lemma that links solutions to norm form equations to 
divisibility in class groups. 

Let R be a principal ideal domain of characteristic different from 2 and let k be its field 
of fractions. Suppose d G R is a non-square. Let L = k(Vd) and let Ol C L be the integral 
closure of R in L. We write C\(Ol) for the ideal class group of Ol- 
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Definition 5.1. We say that a pair (x,y) G k x k is \fd-primitive if the principal fractional 
ideal (x + yy/d)Oi is integral and is not contained in the extension of any proper ideal from 
R to Ol, i.e. for all a G R we have that 

(x + y\fd)C>L C clOl if and only if a is a unit in R. 

The definition ensures that for a v^-primitive pair (x,y), the principal ideal (x + yy/d)Oi 
is not divisible by any prime ideals that are inert for Ol/R and that if a split prime q 
divides (x + y\fd)OL then the conjugate prime does not. This means that we can read off 
the exponents in the ideal factorization of (x + yVd)Oi from its norm (x 2 — dy 2 )R. Since R 
is a principal ideal domain, this corresponds to the factorisation of x 2 — dy 2 as an element 
of R. 

Remark 5.2. If {1, y/d} forms an i?-basis of Ol then a pair (x, y) is v^-primitive if and only 
if x, y G R and xR + yR = R. In particular, if R = Z and d is squarefree and d = 3 (mod 4) 
then (x, y) is v^-primitive if and only if x, y G Z with gcd(x, y) = 1, which is the usual 
meaning of primitive. 

Lemma 5.3. Let R be a principal ideal domain with field of fractions k. Let L = k{\fd) be 
a quadratic extension of k and let Ol be the integral closure of R in L. Let p C Ol be a 
prime ideal with norm pR. We have 

[p]enCl(0 L ) 

if and only if there is a unit u G R x such that the equation 

x 2 — dy 2 = up z n 
has a solution x,y,z G k with (x, y) a \fd-primitive pair. 

Proof. First suppose we have a solution with (x, y) a v^-primitive pair. We denote the ideal 
factorisation of the principal ideal generated by x + yVd by 

r 

(4) (x + yVd)0 L = p e °l[q?. 

i=i 

The primitivity condition guarantees that none of the p and are extensions of ideals in R, 
so each is either split or ramified. That means that Norm(qj) = qiR for some prime element 
qt. Furthermore, note that if q^ and q^ have the same norm, then q^- = (^Cl, which would 
contradict the primitivity of x, y. 

Taking norms of both sides of (4) we obtain for some unit u G R x that 

r 

x 2 - dy 2 = up e ° Y\ (fC = upz a - 
i=i 

Unique factorization gives that eo = 1 (mod n) and that = (mod n) for i = 1, . . . ,r. 
When we use that the left hand side of (4) is a principal ideal, we get the following identity 
mC\(0 L ): 

= [p^ qT . . . C] = [p] + [p eo-l q ei . . . q e r] = [p] + n[fl]j 

where a = p (e °- 1 )/ n q'j 1 / n • • • q^ n . This establishes one direction of the proof. 

For the converse, let a C Ol be an ideal such that [p] = — n[a\. This uses that Ol 
is a Dedekind domain, so all ideal classes are represented by integral ideals. In fact, we 
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can represent all ideal classes while avoiding a finite set of primes, so we can assume that 
Norm^/fc(o) is not divisible by p. Note that inert ideals are principal and that conjugate 
primes represent inverse classes, so without loss of generality we have a = q^ 1 ■ • • q^ r , where 
the qi are split or ramified and have distinct norms. Then pa™ is principal, so pa™ = (x + 
y\fd)OL, where our assumptions on a ensure that (x, y) is a primitive pair. By picking z G R 
such that zR = AT (a), we obtain a solution as desired. □ 

Proof of (lb). We apply Lemma 5.3 with k = Q, L = H = Q(^/—p) and p = t the ramified 
prime ideal of Ol over 2. We have already established that the class of t has order 2. We 
obtain that p G V(2) if and only if the equation 

(5) x 2 + py 2 = 2z 2 

has a solution such that (x,y) is ( v / = p)-primitive. A priori, we also need to consider the 
equation x 2 + py 2 = —2z 2 but that obviously does not have primitive solutions. 

Since Equation (5) is homogeneous, any non-zero solution is proportional to a -J—p- 
primitive solution. Furthermore, the Hasse-Minkowski theorem guarantees that this equation 
has a solution if and only if it has solutions everywhere locally. 

For solvability at p, one needs that 2 is a square modulo p and for solvability at 2 one need 
that p is a square modulo 4. These conditions are met if and only if p = 1 (mod 8). □ 

Proof of (lc) . Lemma 5.3 gives p G V(3) if and only if there are x,y,z G Z with gcd(x, y, z) = 
1 such that 

x 2 +py 2 = 2z A . 

We observe that this implies that x, y are both odd and rewrite this to 

- py 2 = ( x - V2z 2 )(x + V2z 2 ). 

Let N = Q(v / 2)- We write r for conjugation of N /Q, so for a = u + we have 

T a = u — vy/2. 

Since obviously V(3) C V(2), we can assume that p = 1 (mod 8) by (lb). Hence p is 
split in A^o- Furthermore, since O^ is a principal ideal domain and the fundamental unit 
e = 1 + \[2 has norm —1, we have an element ix G On such that n T n = —p. Primitivity 
implies that there is a 7 G On with 7 ^ \/2On such that 

- z 2 V2) = ±7T 7 2 
{x + z 2 V%) = ± T 7r T 7 2 . 



From this equation we derive that 

(6) ±2V2z 2 = V7 2 - 7T 7 2 , 

Local solvability at 2 forces the sign choice. Local solvability at ttOl implies that 

Conversely, note that if we write 7 = 5 + t\[2 and collect coefficients with respect to y/2 in 
(6) then we get a conic in s, t, z with solutions everywhere locally and hence globally. With 
some further standard calculations we can also check that we can find a point satisfying the 
appropriate primitivity conditions. 



In order to simplify the symbol above, note that Lemma 4.1 implies that ( ^(i+V2) T 7r ^ — \ 

Furthermore, with the right choice of conjugates, one has (l + v / 2)(l+«) = (C 3 — l) 2 - Together 
this yields 

/0 , f>/2 T A fl + y/2\ fl + f 

1°) 



nO L I \ p J \ p 

where the fact that p = 1 (mod 8) guarantees that the symbol is independent of choice of 
conjugate. □ 

Note that in the above two arguments, we obtained a criterion for p £ V(e) for e = 2, 3 by 
reducing the condition in Lemma 5.3 to the existence of a rational point on some conic, which 
is entirely determined by local conditions. We can handle the two cases above with p as a 
parameter because the extensions involved in deriving the relevant conies are independent 
of p. For higher e this does not seem to be the case anymore and this approach does not 
seem to have much benefit over computing Cl(Q(y/—p)) directly. 

The following corollary to a classical result by Dirichlet (1842) allows us to link the class 
groups of H = Q(-\/ = p) and H 1 = Q( v /p, i). We can then consider Hi as a quadratic 
extension of K = Q(i), whose ring of integers is a principal ideal domain. This allows us 
to apply Lemma 5.3, to obtain an alternative proof for (lc) and derive a new criterion for 

peV(A). 

Proposition 5.4 ([Coh78, Corollary 19.8c]). Let p > be a prime, let h! = #Cl(Q( v /p)), 
let h = # Cl(Q(v/=p)) and let h ± = # Cl(Q(i, y/=p)). Then 



\h Q h' ifp=l (mod 4) 

hoh' if p = 3 (mod 4) or p = 2 



For a prime satisfying p = 1 (mod 8) we have that h! is odd by Gauss's genus theory. 
Note that 2 ramifies in Kq = Q(i) and splits in L$ = Q(y / p). That means that Hi has two 
primes ti,t2 over 2, each of ramification index 2. Furthermore, since hi is odd, we see that 
[t 2 ] and [t 2 ,] have odd order in the class group. 

Extension of ideals from Oh„ to Oh 1 gives a homomorphism 

Cl(# )[2°°] -> Cl^)^ 00 ] 

and it is easy to check that the kernel is of order 2. In view of Proposition 5.4 this means 
that the map is surjective and thence that C^iJi)^ 00 ] is cyclic. The last fact also follows 
from applying genus theory to the relative extension Hi/L . 

Lemma 5.5. Let p = 1 (mod 8) be a rational prime and let e > 2. We have p £ V(e) if 
and only if the equation 

(9) x 2 +py 2 = (l + i)z 2e ~ 2 

has a solution x,y,z £ Q(i) with 

(x-iy)Z[i\ + 2yZ[i] = Z[i]. 

Proof. Lemma 5.3 with (L, R, p, d,p) taken to be (H 1 , Z[i], ti,p, 1 + i) (a shift in symbols 
used seems unavoidable here), links the equation in the lemma to the question whether 
[ti] £ 2 e ~ 2 C\(Hi) and hence whether p £ V(e). For x £ Q(i) we write a x for its conjugate 
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over Q. Note that if (x, y) give rise to a solution then ( a x, a y), (i x,iy), x), a (i y)) give rise 
to solutions to x 2 + py 2 = uaz 2 " where u — i, — 1, —i. Therefore, the choice of the unit u 
in Lemma 5.3 does not affect solvability of the equation. 

Note that {1, ^(y/—p + i)} is a Z[i]-basis of Ou x . Therefore, (x,y) is a ^/^p-primitive pair 
in Z[i] if 

y/—p + i 



x + yy—p = u 



2 ' 

with u,v G and gcd(w, v) — 1. That corresponds to the condition given in the lemma. □ 

Alternative proof of (lc). Since V(3) C V(2), we can assume that p G V(2) and hence that 
p = 1 (mod 8). Lemma 5.5 yields that a necessary condition for p G V(3) is that 

i + 1 



p 

for both choices of i, because otherwise the conic given by (9) does not even have local points 
at a place above p. However, note that 

l + fl-i\ (1. 



V J \ V J \P 

because p = 1 (mod 8). Hence, the symbol does not depend on the choice of %. Furthermore, 
we can check that at (1 + i)Z[i] there is no local obstruction to primitive solutions. The 
Hasse-Minkowski theorem once again guarantees the existence of rational solutions and the 
homogeneity of the equation allows us to derive primitive solutions from that. Therefore, 
the condition is also sufficient. □ 

Proof of Theorem A. Let us assume that p G V(3). By Lemma 5.5 we have that p G V(4) if 
and only if we have a solution x,y,z G Q(i) to 

-py 2 = x 2 -(l + t)z\ 

satisfying the additional conditions stated. We adopt the notation from Section 4 and factor 
this equation over K\ to obtain 

x + z 2 a = 8^1 
x-z 2 a = p 8 p i\ 

for some 8 representing a class in K* /(K* ) such that N Kl / Ko (8) G —pK^ 2 . Our primitivity 
condition together with the fact that 2 is completely ramified in K\ yields that 8 can be 
represented by an algebraic integer that is a unit outside the primes above p. 

Our conditions on p ensure that p is completely split in K 1 . Let u,v G Z be such that 
p = u 2 + v 2 and suppose that 7Ti, . . . , 7T4 G Ok 1 such that Norm^/Q^j) = p and 111112 = 
u + iv and = u — iv. The unit group of Ok x is generated by {i, 1 + a}. Since 

Normx 1 /Q(i)(l + a) = —1 is not a square, the possible values for 8 are 

7TX7T3, 7Ti7r 4 , 7r 2 7r 3 , ir 2 lT 4 , i7Ti7r 3 , i7Ti7r 4 , ?7r 2 7r 3 , i7r 2 7r 4 
A necessary condition for p G V(4) is that 



(10) 



2z 2 a = 8e i - p 8 p il. 
11 



has solutions everywhere locally. Noting that i is a square modulo p, we see that there must 
be j, k e {1, . . . , 4} with {j, k} ^ {1, 2}, {3, 4} such that for all I we have 

However, note that Lemma 4.1 yields identities such as 

/ 7Ti7T 2 \ _ / M + iv \ _ ( l \ _ ^ 
V ^3 / V ^3 / VW 

which allow us to deduce that the value does not depend on the actual choices of j, k, I as 
long as I {j, k}. Note that p 5 5 is a square locally at the prime above 2, so we do not get 
any local obstructions there either. Therefore, the condition in the theorem is sufficient for 
(10) to have points everywhere locally and hence globally. Checking that these points also 
give rise to primitive solutions is routine. □ 

6. Congruent numbers: the first step 

All classical results on congruent primes can be obtained via straightforward 2-(isogeny) 
descent on either E p or one of its 2-isogenous curves. See for instance [Hem06]. We only 
state the parts that are important for our subsequent analysis. 

(i) If p = 3 (mod 8) then rk£ p (Q) = and UI(E P /Q)[2] = 0. 

(ii) If p = 5,7 (mod 8) then rk£ p (Q) < 1. In fact, Monsky [Mon90] establishes equality 
and hence UI(E p /Q)[2] =0. 

(iii) If p = 1 (mod 8) then rk£ p (Q) < 2. 

In the last case, p = 1 (mod 8), some further work shows that the homogeneous spaces 
from (2) are everywhere locally solvable and that rational points on them would give rise to 
independent points on E p . We analyze when this can be the case for C Pt i and C Pj2 . 

Lemma 6.1. Let p = 1 (mod 8) be a prime. Then C Pi i has a rational point if and only if 
the following curve has one. 

D pA : v 2 = p(u A - Au 3 - 6u 2 - Ylu - 7) 

Furthermore, D p l has points everywhere locally if and only if (— ) = 1. 

Proof. For any rational point on C P) \ there exists a value 5 (determined up to squares) such 
that the point lifts to 

JV = 5(x 2 + 2x-l) 
p,i: \v 2 = %x 2 -2x-l). 

With some elementary resultant computation, one can show that it is sufficient to consider 
5 E {±1, ±2, ±p, ±2p} and a straightforward local computation shows that for 5 G {±2, ±2p} 
the curve does not have Q2-points. 

Furthermore, the automorphisms of C Pt i corresponding to x \— > - and x h- >■ —x show that 
the remaining values for 8 all lead to isomorphic curves, so it is sufficient to consider 5 — 1. 

We parametrize the first conic by (x, w) = ( 2 " M +i) > "2(^+1) 1 ) ■ Substituting this parametriza- 
tion into the second conic yields the given model of D p l . 

Note that since p = 1 (mod 8), the local solvability of D p \ over Q 2 does not depend on 
p. Similarly, because p > 0, the local solvability over R does not depend on p either. Given 
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that _D Pi i has good reduction at all other primes, the only obstruction to local solvability can 
be at p. Note that if (uq, vo) G D Pt i(Q p ) then we need that ord p (-UQ — 4-u[j — 6-u 2 , — 12-u — 7) 
is odd. For this we need that the quartic has a root in Q p . Note that 



u 4 



- 4w 3 - 6m 2 - 12m - 7 = (u 2 - 2(1 + y/2)u - 1 - V2)(u 2 - 2(1 - y/2)u - 1 + y/2) 



and that the quadratics on the right hand side have discriminants 16(1 ± a/2). Furthermore, 
since p = 1 (mod 8) we have y/2 G Q p , so D P: i(Q p ) is non-empty if and only if 

J- i 



see (8) for the reason why the first equality holds. □ 

Lemma 6.2. Let p = 1 (mod 8) be a prime. Then C Pi 2 has a rational point if and only if 
the following curve has one. 

D Pt2 : v 2 = p{u 4 - 4u 3 + 24m + 20) 
Furthermore, the curve D p 2 has points everywhere locally if and only if (^) = 1. 
Proof. A rational point on C Pt2 lifts, for some 5, to 



D 



p,2- 



w 2 = S(x 2 -2x + 2) 
2 = Ux 2 + 2x + 2). 



The first conic only has real solutions if 5 > and with an elementary resultant computation 
one can show it is sufficient to consider 5 G 2,2p}. Furthermore, the automorphisms 

of C p corresponding to x i— > \ and x h-> —x show that all choices lead to isomorphic curves, 
so it is sufficient to consider 5—1. 

We parametrize the first conic by (x,w) = (f^zf, - 2u+2 2 ) • Substitution into the second 
yields the given model of D p 2 . 

For p = 1 (mod 8), the curve D p 2 has points at all primes outside p. For a point (u , v ) G 
DppiQp) we need ord p («o — 4«q + 24-u + 20) to be odd, so the quartic should have a root in 
Q p '. Note that 

u 4 - 4m 3 + 24m + 20 = (u 2 - (2 - 2i)u - 4 + 2i)(u 2 - (2 + 2i)u — 4 — 2i) 

and that the discriminants of the quadrics on the left hand side are (1 + i) 9 and —i(l + if 
respectively. The statement in the lemma follows by considering when these are squares in 

Q P . □ 

Either of Lemmas 6.1 and 6.2 establishes that primes p = 1 (mod 8) for which (^) = —1 
are not congruent. This result is already mentioned in [Basl5] and [Tun83]. In order 
to interpret these results in terms of Question B, we briefly review the relations between 
isogenies and Tate-Shafarevich groups in the next section. 
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7. Sha and isogenies 



In this section, we review the conditions under which we can conclude the existence of 2 e - 
torsion in III(.E') by exhibiting 2 e_1 -torsion in UI(E') for an appropriate 2-isogenous elliptic 
curve E' . We use part of the proof that the truth of the Birch and Swinnerton-Dyer conjecture 
is constant in isogeny classes (see [Cas65] or [Mil06, 1.7]). 

Let E be an elliptic curve over a number field k and let 0: E — >■ E' be an isogeny. 
Since elliptic curves are self-dual, we can interpret the isogeny dual to as V : E' — > E. 
Suppose that m = deg(0). Then the multiplication- by-m homomorphism on E factorizes as 
m = V o 0. 

Note that elements of III(.E') are represented by principal homogeneous spaces C, so they 
have a free transitive Enaction. We can use this together with an isogeny : E — > E' to 
induce a homomorphism 

0: 111(F) ->■ UI(E') 

C ^ C/ker(0) 

We write III(£')[0] for its kernel. 

For any abelian group A we define its divisible subgroup to be 

Adiv {a E A : a E mA for all m — 1, 2, . . .} 

and write A nd := A/A div . General results from descent show that the p-primary parts of 
UI(E) nd are all finite. 

The Cassels-Tate pairing yields non-degenerate, alternating pairings 

m(E) Qd x III(£) nd >Q/Z 

<$> </> v 

nd * V> 

with the diagram commuting in the sense that 

In particular, the pairing induces an alternating, non-degenerate pairing 

(ii) in(£') nd [0 v ] x in(E / )nd/0in(E) nd -> q/z. 

Lemma 7.1. Let : E — >■ £" fre a p-isogeny between elliptic curves over a number field k. 
Suppose that III(£")[0 V ] = 0. Let f e IH(£)[p] and let ? E UI(E')\p] such that V (£') = f . 
T/ien 

f G p e_1 ni(£;') zmp/zes £/ia£ £ G p e III(£). 
More generally, ifUI(E') has elements of order p e then UI(E) has elements of order p e+1 . 

Proof. Note that the first statement in the lemma is trivially true if £' = or more generally, 
if £' is divisible. Let us assume that £" E UI(E') such that £' = p e ~ l £," ■ From the pairing (11) 
we see that III(i?')[0 v ] = implies that III(.E') — > UI(E') is surjective, so there is a E 
m(E) such that 0(£'") = f". It follows that 

£ = v o P e - i o0£ w =p e r, 

which gives the statement in the lemma. 
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For the general observation, let £" G ILL(E') be an element of order p e , let £' = p e_1 £" 
and let £ = V £'. Then £ is an element of order p that is divisible by p e . This proves the 
statement. □ 

8. Results from isogeny descents 

The curves D Pti arising in Lemmas 6.1 and 6.2 are principal homogeneous spaces for the 
elliptic curves 

E pA : y 2 = x 3 + 4p 2 x 

E Pt 2 '■ y 2 = x 3 + 6p x 2 + p 2 x 
respectively. There are 2-isogenies fa: E p — > E Pti . 

Proof of (3b). The following discussion holds for % — 1 or % — 2. We do not give details here 
(see [Sil86, Proposition X.4.9]), but a 2-isogeny descent on the pair (E, E p ^) for a prime p = 1 
(mod 8) yields that rkE(Q) < 2 as expected and that \H(E p ^)[fa{\ = (the homogeneous 
spaces found there correspond to the 2-torsion of E). It is perhaps worth noting that for the 
third 2-isogenous curve E p ^ : y 2 = x 3 — px 2 + p 2 x, this is not the case. 

As established before, the curve C Pti represents a class £j in LU(£')[2]. Note that since 
2 = o <fi p , h divisibility of & by 2 implies that there is an everywhere locally solvable 
homogeneous space of E p>i that covers C p>i . Lemma 6.1 or 6.2 shows that this must be D p i , 
so if (±±i) = -1 then & is not divisible by 2 and m(E p )[2°°] = (Z/2Z) 2 andp G W{l)\W{2). 

If (^y-) = 1 then the class £' of D Pii in LU(£'p ) j) satisfies = ^i, so ^ is indeed divisible 

by 2, so p G W(2). □ 

On the other hand, if (^) = 1 then Lemma 7.1 implies that £j is divisible by 2. If we 
can find conditions on p such that the class of D p i is not divisible by 2 in UI(E Pji ) then 
we classify when ^ is divisible by 2 but not by 4 and hence when p is not congruent and 
U1(E P )[2°°] = (Z/4Z) 2 . 

The reason to concentrate on D p \ and D Pt2 is that we can write down nice quartic models 
for them without using any properties about p. Other homogeneous spaces would arise in a 
similar way, but the conic that requires parametrization in order to arrive at a quartic model 
may only be parametrizable if certain arithmetic conditions on p are taken into account, i.e., 
that it is a prime p = 1 (mod 8). We will see in the next section how the nice models of 
D Pt i and D p 2 allow us to make one further step. 

9. Second descents 

Let p be a prime satisfying p = 1 (mod 8) and (^) = 1. In this section, we perform a 
second descent on the curves D p i and D p 2 to determine if their classes are divisible by 2 in 
UI(E Pj i) and UI(E Pj 2)- For any particular p, this is a completely standard procedure which 
can be executed automatically by several computer algebra systems. We give some details 
here because we do the calculation for an unspecified p, which is not completely automated. 

We quickly review the parts of the method we have to refer to explicitly. The method 
we use is largely as suggested in [MSS96]. However, we neglect to explicitly construct the 
coverings. See also [BS09]. 

We consider the smooth projective curve corresponding to the afline model 

D:y 2 = f(x) 
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where f(x) is a square-free quartic polynomial over a field k of characteristic 0. If the leading 
coefficient of f(x) is a square in k then D has /c-rational points P with :r(P) = oo. We denote 
these points with oo + and oo~, where the ± superscript provides an arbitrary but fixed label. 

The curve D is a homogeneous space of an elliptic curve E and invariant theory of binary 
quartic forms provides a degree 4 map D — >■ E, providing D with a torsor structure under 
E[2] with base E. If A; is a number field and D has points everywhere locally then D 
represents a class in III(P)[2]. 

Let L = k[9\ = k[x]/(f(x)). We consider the map 

fi k : D(k) -> L x /L x2 k x 

(xo,Vo) ^ x -9 ifyoT^O 
(x ,0) H- (x -^)+^ 



P i-> 1 if P = oo 



(x-cco) 

± 



x=0 



For k = Q and a place f of /c we write = L (g) Q„ and consider the natural map p v : 
L x /L x2 Q -)• L x /L x2 Q x . We define 

Self akc (P/Q) = {cG L x /L x2 k x : p„(c) G im/i fei , for all places w}. 

We have that the class of P is divisible by 2 in ffl(P) if and only if Self ake (P/Q) is non-empty. 

Let S be the set of places of k containing 2, the places at infinity, the places where 
coefficients of / are not integral and the places where disc(/) is not a unit. We write Ol,s 
for the subring of L of elements that are integral at all places v outside S. 

In our cases, L is a number field where Ol,s has class number 1. In those cases, Self ake (P/Q) 
can be represented by elements in the finitely generated multiplicative group 0^ s . Further- 
more, for such elements 5 we only have to check that p v (5) G im/x^ for the places v G S in 
order to conclude that 5 G Self akc (P/Q) 

Finally, if f(x) has a root in k v , then #im/j, kv = ^ g PKM aiK } jf no root j n ^ 

then # im \i kv = 



#E 


2}{k v ) 


2 


2\ v 



We use the notation for K , K x and their elements as introduced in Section 4. 

Proposition 9.1. Let p = 1 (mod 8) fre a prime satisfying (^y L ) = 1. £e£ 5 = 5 P G P^i = 

Q(Vl + ^ e aw algebraic integer such that Normx 1 /Q(i)(5) = P awd p is a prime ideal above 
p such that S ^ p. Then the following are equivalent. 

(i) The class of D v \ in ffl(P Pi i) is divisible by 2. 

(ii) The class of D p 2 in III (£^2) is divisible by 2. 

(Hi) 



V P 

Proof that (i) is equivalent to (Hi). We compute Self akc (P Pi i) as sketched above. We have 
f(x) = p{x 4 - Ax 3 - 6x 2 - 12x - 7) and L = iVV 

We can take S = {2,p, 00}. Since 2 and p are completely ramified and split respectively, 
we have 4 prime ideals pi, . . . , p4 of Oni above p. We choose generators for them in the 
following way. Let 7r G Om 2 De a generator of a prime ideal of Om 2 above p. Since 0^ 2 
surjects onto (Om 1 /20m 1 ) x , we can assume that ir = 1 (mod 20m x )- We define 

7Ti = 7T 7T, 7T2 = 7T 7T, 71% = 71 7T, 7T4 = 7T 7T 
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and write pi = TTiO^- Let i : M 2 — > Q p be the completion corresponding to 7tOm 2 - We 
identify M 2 with its image under i. The completions i±, . . . , 14 : Ni — > Q p with respect to 
are induced by 1, ip, tra, lot respectively. 
From Norm7v 1 /Q(e + 1) = — 2 we know that 

°l,s = <-l,e,77,e+l,7ri,...,7r 4 ). 

Furthermore, ir 2 ir 3 ii4 = p/ni, so i\\ and 7r 2 7r 3 7r4 represent the same class in C^s/C^sQ*- 
It is straightforward to check that classes in Sel 2 ake (-D Pj i) must be represented by S'-integers 
that have norm in pQ x2 . This means a full set of representatives for Sel 2 ake (-D Pi i) can be 
found in 

(12) {tt^tt; :i = l,...,4}. 

Note that p is a square at 2, so im/ZQ 2 is independent of p. We have that f(x) is irreducible 
over Q 2 and that #E P; i[2](Q 2 ) = 2, so #im/iQ 2 = 2. We compute that 



L 



x imx 



ker(7V: lj%^W )MZ/2Z)2 ' 

that the images of (0, \^—7p), 00 + G -D Pi i(Q 2 ) form im/iQ 2 . We find that it can be repre- 
sented by {l,e 2 } + 20 Nx- Our earlier normalization ensures that 7^ = 1 (mod 20jvJ and 
computation shows that r] ^ e 2 (mod 20jvJ, so from (12) only {tti, . . . , 7r 4 } maps to im /iq 2 . 

Let 6* = e 2 — 2e be a root of f(x) in iVi. We know that f(x) splits completely over 
Q p . Let Ox = ti0, . . . , # 4 = be the roots of f(x) in Q p . We fix L ->■ L p ~ (Q p ) 4 by 

X I—)- (/.]£, . . . , t4x). 

We have #-E Pi i[2](Q p ) = 4. It is straightforward to check that im/XQ p is represented by 
{(#1,0),..., (#4, 0)}, which in L p gives 



(13) 



Wi - e 2 )(o 1 - 3 )(0i - (0i - 2 ), (0i - 3 ), (0i - 84)) 

((9 2 - 9 1 ),p(9 2 - 6i)(02 - 9 3 ){9 2 - 9,), (0 2 - 9 3 ), (0 2 - 9 A )) 
((9 3 - 9 t ), (9 3 - 9 2 ),p(9 3 - 9 1 ){9 3 - 9 2 ){9 3 - 4 ), (9 3 - 9 4 )) 
((0 4 - 9,), (9 4 - 9 2 ), (9 4 - 9 3 )),p(9 4 - 9 l )(9 A - 9 2 )(9 A - 9 3 ) 



If 7Ti represents a class in Sel 2 akc (D p> i) then based on valuations, ~K\ and the first element 
listed in (13) must represent the same class modulo L 2x Q x . That means that 

W T Ki{9 1 -9 2 ){9 1 -9 3 ){9 1 -9 i )\ f p n l (9 l -9 2 )\ ( T ^ 1 {9 l -9 3 )\ (° t k 1 {9 1 -9 4 ) 



it /\vry\7r/\7r 
We notice that the first two and the last two equalities lead to 

V^V^ 7r(fli-fl 3 ) (9i~9 4 ) \ = ( Norm M2/JVo ( r 7r)V2 N 

7T / \ 7T 

which always holds by Lemma 4.1. By equating the second and the last symbol we obtain 

^p^ar^r^^ _ _ g^ ^ ^ Nom^/^ (%"%)(« 

17 



It is straightforward to check that 5 = Norm^/ifi ( p 7r CTT 7r) satisfies the definition set out in 
the proposition, so this establishes that i\\ represents an element in Sel 2 ake (-D Pi i) if and only 
if p satisfies condition (in). The same conclusion holds for the other tti by symmetry. □ 

Proof that (ii) is equivalent to (Hi). We follow the proof strategy we used for the first equiv- 
alence. We choose it G Om 2 m the same way and consider 

TT\ = TT 7T, 7T2 = TT "K , TT3 = TT TT, 7T4 = TT TT . 

The four prime ideals pi,...,p 4 of Ok x above p are generated by the iTi above and the 
completions K\ — > Q p with respect to pi are induced by the same embeddings l, pi, ira, tar 
as before. 

We have f(x) = p(x 4 - 4x 3 + 24x + 20) and L = K 1 and 6 = a 2 - 2a. We can take 
S = {2,p, oo} and we have 

°k u s = (i,Q! + l,Q!,7ri,...,7r4>. 

Note that i = a 4 /2 G -ft' 1 x2 Q x , so for representing Sel 2 ake (-Dp^) we can ignore multiplication 
by i. Norm considerations show that a full set of representatives can be taken from the set 

{tti, . . . , 7T 4 , (a + 1)tti, . . . , (a + 1)tt 4 }. 

A computation as before shows that the images of oo + , (1, y/41p) G D(Q 2 ) form im//Q 2 , 
represented by {1, ?} + 20n x - Since ct + 1 ^ i (mod 2C^J, we find that Sel 2 ake (-D Pi 2) can be 
represented by elements from {tti, . . . , 7r 4 }. 

By setting ^ = ij9 we see that im/i<Q p is represented by the same formulas (13). Based on 
valuations, tt\ can only represent the element corresponding to the first element there. For 
7Ti to represent the same class in L* 2 /Qp , we need that 

"tt^tt^tt^- d 2 ){e x - e z ){e x - ei)\ _ (*k x {q x -b 2 )\ _ /™7n(0i -0 3 )\ _ f^e, -e 4 ) 



TT /\TTj\TTj\TT 

The first and last equalities, together with {6\ — 6^){6i — 6* 4 ) being a square, yield 
^ T TT^TT(e 1 -e 3 )(9 1 -9 4 ) ^ = ^ Norm M2/Ko (%) ^ = ^ 

which holds by Lemma 4.1. Equating the second and the fourth term yields 

, , / ' l) TT GTU TT a TT' JT TTCa 

("> ( 

From Lemma 4.2 with D = i and a = ( we obtain 

^Nor m M2/Ml ( r 7r) \ = U 

TT J \TT 

and another application of Lemma 4.1 gives 



P?) - c- 



fNorm M2 / Na ( T TT)\ ( V2 \ ( C, 



^ NormM 2 /Af„( T 7r) ^ 




TT J \ TT J \ TT I \TT 

Multiplying these with (14) shows that it is equivalent to 



TT 
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1, 



which is the condition stated in the proposition. Conditions for the other tti follow by 
symmetry. □ 



Proof of Theorem B. We assume p G W(2). With Lemma 7.1 and the results of Section 8 we 
have established that [C Pj j] G 4UI(E p ) if and only if D pi G 2UI(E pi ). This is exactly what 
either of the equivalences (%) •<=>- (Hi) and (ii) •<=>■ (Hi) in Proposition 9.1 establish. □ 

10. Comparison of the methods 

This section gives an informal comparison of the methods of proof of Theorems A and B. 
They share some important characteristics and naturally the question arises to what extent 
a framework can be constructed in which both are applications of the same principle. A full 
answer is beyond the scope of this article (see for instance [CTX09]) but we do sketch why 
Theorem A is not directly related to an isogeny. 

Both questions can be interpreted in terms of local-global obstructions to rational or 
integral points on principal homogeneous spaces under algebraic groups. The congruent 
number problem is directly formulated in this language. We have the homogeneous spaces 
C Pt i and D p i under E p and E p i respectively. In our case, for non- congruent primes p = 1 
(mod 8) and assuming that UI(E P ) is finite, Lemma 7.1 yields that #UI(E P ) = A^UI(E P ^) , 
which means that analysis of the 2- and 4-torsion in #ni(£ , Pj j) allows us to obtain information 
about 4- and 8-torsion in UI(E P ). There is a long history of exploiting isogenies to obtain 
information about HI(E) for elliptic curves E, see [Kra83]. 

For the class number problem, we consider integer points on C : x 2 + py 2 = 2. The afflne 
scheme described by this equation is a principal homogeneous space under the algebraic 
group scheme T that describes the kernel of the norm map Norm: Q{\/—p) x — > Q x . The 
fact that C has integer points everywhere locally follows from the fact that there is an ideal 
t of norm 2 and the fact that C does not have global integer points follows from the fact 
that t is not a principal ideal. 

The fundamental step that allows us to prove Theorem A is to base extend to Z[i]. Here 
C does acquire an integer point and we are led to consider essentially the homogeneous 
space D : x 2 + py 2 — 1 + i under T' = T x% Z[i] instead (noting that at 1 + the modified 
notion of primitivity actually describes a slightly different space than the model given here). 
Proposition 5.4 allows us to relate the information back to the quantities we are originally 
interested in. 

Note that in the latter case, the two algebraic group schemes T and V are not isogenous. 
They are not even over the same base. For elliptic curves one can also use base extensions to 
kill part of III, see for instance [Kra81]. This leads to particular instances of Mazur visibility 
[CM00]. See [Bru04] for an explicit description of these ideas regarding III(£')[2] for elliptic 
curves E. 

We searched for a proof of Theorem B based on visibility but were unable to find an 
appropriate base extension or auxiliary elliptic curve that would work for all relevant p. 

Acknowledgements 

We would like to thank Peter Stevenhagen for pointing out the similarities between the 
results for congruent numbers and those for imaginary quadratic class groups. Furthermore, 

19 



we thank Soroosh Yazdani for useful discussions about Lemma 4.1, Tom Archibald for dis- 
cussions about the history of the subject, Jeffrey Lagarias for useful comments and Alexa 
van der Waall for general discussions and suggestions. 

References 

[BC69] Pierre Barrucand and Harvey Cohn, Note on primes of type x 2 + 32y 2 , class number, and resid- 

uacity, J. Reine Angew. Math. 238 (1969), 67-70. MR0249396 (40 #2641) 
[Basl5] L. Bastien, Nombres congruents, Intermediare des Math. 22 (1915), 231-232. 

[Bru04] Nils Bruin, Visualising Sha[2] in abelian surfaces, Math. Comp. 73 (2004), no. 247, 1459-1476 

(electronic), DOI 10.1090/S0025-5718-04-01633-3. MR2047096 (2005c:11067) 
[BS09] Nils Bruin and Michael Stoll, Two-cover descent on hyperelliptic curves, Math. Comp. 78 (2009), 

no. 268, 2347-2370, DOI 10.1090/S0025-5718-09-02255-8. MR2521292 (2010e:11059) 
[Cas62] J. W. S. Cassels, Arithmetic on curves of genus 1. IV. Proof of the Hauptvermutung, J. Reine 

Angew. Math. 211 (1962), 95-112. MR0163915 (29 #1214) 
[Cas65] , Arithmetic on curves of genus 1. VIII. On conjectures of Birch and Swinnerton-Dyer, J. 

Reine Angew. Math. 217 (1965), 180-199. MR0179169 (31 #3420) 
[Coh78] Harvey Cohn, A classical invitation to algebraic numbers and class fields, Springer- Verlag, New 

York, 1978. With two appendices by Olga Taussky: "Artin's 1932 Gottingen lectures on class held 

theory" and "Connections between algebraic number theory and integral matrices"; Universitcxt. 

MR506156 (80c:12001) 

[CL84] H. Cohn and J. C. Lagarias, Is there a density for the set of primes p such that the class number of 
Q( A / r p) is divisible by 16?, Topics in classical number theory, Vol. I, II (Budapest, 1981), Colloq. 
Math. Soc. Janos Bolyai, vol. 34, North-Holland, Amsterdam, 1984, pp. 257-280. MR781142 
(87d:11087) 

[CL83] , On the existence of fields governing the 2-invariants of the classgroup of Q(^/dp) asp 

varies, Math. Comp. 41 (1983), no. 164, 711-730, DOI 10.2307/2007707. MR717716 (85b:11082) 
[CTX09] Jean-Louis Colliot-Thelene and Fei Xu, Brauer-Manin obstruction for integral points of homoge- 
neous spaces and representation by integral quadratic forms, Compos. Math. 145 (2009), no. 2, 309- 
363, DOI 10.1112/S0010437X0800376X. With an appendix by Dasheng Wei and Xu. MR2501421 
(2010c:11072) 

[CM00] John E. Cremona and Barry Mazur, Visualizing elements in the Shafarevich-Tate group, Experi- 
ment. Math. 9 (2000), no. 1, 13-28. MR1758797 (2001g:11083) 
[Dicl9a] Leonard Eugene Dickson, History of the theory of numbers. Vol. II: Diophantine analysis, Wash- 
ington Carnegie Institution of Washington, 1919. 

[Dicl9b] , History of the theory of numbers. Vol. Ill: Quadratic and higher forms., With a chapter 

on the class number by G. H. Cresse, Washington Carnegie Institution of Washington, 1919. 
[DD10] Tim Dokchitser and Vladimir Dokchitser, On the Birch-Swinnerton-Dyer quotients modulo squares, 
Ann. of Math. (2) 172 (2010), no. 1, 567-596, DOI 10.4007/annals.2010.172.567. MR2680426 
(2011h:11069) 

[Hcm06] Brett Hemenway, On recognizing congruent primes, M.Sc. thesis, Simon Fraser University, 2006, 

http : //ir . lib . sf u. ca/handle/1892/3791. 
[Kra81] Kenneth Kramer, Arithmetic of elliptic curves upon quadratic extension, Trans. Amer. Math. Soc. 
264 (1981), no. 1, 121-135, DOI 10.2307/1998414. MR597871 (82g:14028) 

[Kra83] , A family of semistable elliptic curves with large Tate-Shafarevitch groups, Proc. Amer. 

Math. Soc. 89 (1983), no. 3, 379-386, DOI 10.2307/2045480. MR715850 (85d:14059) 
[LcmOO] Franz Lemmermeyer, Reciprocity laws, Springer Monographs in Mathematics, Springer- Verlag, 

Berlin, 2000. From Euler to Eisenstein. MR1761696 (2001i:11009) 
[MSS96] J. R. Merriman, S. Siksek, and N. P. Smart, Explicit ^-descents on an elliptic curve, Acta Arith. 
77 (1996), no. 4, 385-404. MR1414518 (97j:11027) 
[Mil06] J. S. Milne, Arithmetic duality theorems, 2nd ed., BookSurgc, LLC, Charleston, SC, 2006. 
MR2261462 (2007e:14029) 

20 



[Mon90] Paul Monsky, Mock Heegner points and congruent numbers, Math. Z. 204 (1990), no. 1, 45-67, 

DOI 10.1007/BF02570859. MR1048066 (91e:11059) 
[Rub87] Karl Rubin, Tate-Shafarevich groups and L-functions of elliptic curves with complex multiplication, 
Invent. Math. 89 (1987), no. 3, 527-559, DOI 10.1007/BF01388984. MR903383 (89a:11065) 
[RS02] Karl Rubin and Alice Silverberg, Ranks of elliptic curves, Bull. Amer. Math. Soc. (N.S.) 39 (2002), 

no. 4, 455-474 (electronic), DOI 10.1090/S0273-0979-02-00952-7. MR1920278 (2003f:11080) 
[Sil86] Joseph H. Silverman, The arithmetic of elliptic curves, Graduate Texts in Mathematics, vol. 106, 

Springer- Verlag, New York, 1986. MR817210 (87g:11070) 
[Ste93] Peter Stevenhagen, Divisibility by 2-powers of certain quadratic class numbers, J. Number Theory 

43 (1993), no. 1, 1-19, DOI 10.1006/jnth.l993.1001. MR1200803 (94b:11113) 
[Tun83] J. B. Tunnell, A classical Diophantine problem and modular forms of weight 3/2, Invent. Math. 72 
(1983), no. 2, 323-334, DOI 10.1007/BF01389327. MR700775 (85d:11046) 

Department of Mathematics, Simon Fraser University, Burnaby, BC V5A 1S6, Canada 

E-mail address: nbruin@sfu.ca 

URL: http : //www . cecm . sf u . ca/~nbruin 

Department of Mathematics, University of Michigan, Ann Arbor, MI 48109-1043, United 
States of America 



21 



